General
Target: 346425230d5fe038e5ee5f9e35f9c45578facae0364d0e62b2bbd42bc0b3fbac
Size: 211KB
Sample: 220521-pmx97sffd2
MD5: 91206f2d2178e023ae6a647d5b39b6fd
SHA1: b0e958f13a857316dd3757c4a2f12625319b65de
SHA256: 346425230d5fe038e5ee5f9e35f9c45578facae0364d0e62b2bbd42bc0b3fbac
SHA512: 010cd65a11fcbc0b38ab1e389a1d0e161284e54b8ac9c7b777f97ce8c14b7ec97f1a7ecabb76bbbf5f1b09d86f0f193a6b8120615030f1ca834550652cf63986

Static task
static1

Behavioral task
behavioral1
Sample: DHL_Receipt.AWB no 0904202076.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: DHL_Receipt.AWB no 0904202076.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
lokibot
http://198.23.200.239/~boxing/.tcsogb/vc.php/53i9zXCT3LNPn
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Targets
Target: DHL_Receipt.AWB no 0904202076.exe
Size: 292KB
MD5: bdcf110abccdcba43da2d92997384811
SHA1: a14beb840ffbb875fcd23a102e30087fc0f03ea0
SHA256: fc8bcf14b8dd3bd8f21c2453bd9de6a1e2f0f52e26641d5b398dbd1c67d1437b
SHA512: d581141d59dbf62a4599c1d4d09f1383a9adc6b183c9a6ad52f89b23889b4f3f5554996f1c50907f7899c108c3bcdcb97907518212ecffbce69397f1e813c6db
- CoreEntity .NET Packer
  CoreEntity is a .NET packer that embeds its payload as a BitMap object, which is later decrypted.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext